
Full-Disclosure Wins Again

twistedmoney99 writes "The full-disclosure debate is a polarizing one. However, no one can argue that disclosing a vulnerability publicly often results in a patch — and InformIT just proved it again. In March, Seth Fogie found numerous bugs in EZPhotoSales and reported them to the vendor, but nothing was done. In August the problem was posted to Bugtraq, which pointed to a descriptive article outlining numerous bugs in the software — and guess what happens? Several days later a patch appears. Coincidence? Probably not, considering the vendor stated "..I'm not sure we could fix it all anyway without a rewrite." Looks like they could fix it, but just needed a little full-disclosure motivation."

  • by mfh ( 56 ) on Wednesday August 15, 2007 @12:13PM (#20237841) Homepage Journal
    1. Bug is reported.
    2. Secretly, a team of crack programmers (or programmers on crack) develop the patch.
    3. The patch sits in a repository until public outcry.
    4. Public outcry.
    5. Patch released... LOOK HOW FAST WE ARE!
  • by mrchaotica ( 681592 ) * on Wednesday August 15, 2007 @12:58PM (#20238373)

    He fell into the sarchasm.

  • by grumpy_old_troll ( 1049646 ) on Wednesday August 15, 2007 @01:18PM (#20238637)
    A time bomb doesn't exist if it hasn't exploded yet.
  • by Thuktun ( 221615 ) on Wednesday August 15, 2007 @03:10PM (#20240095) Journal

    Sadly, we live in a world where most people in power actually believe that anyone who points out problems is just as bad as someone who causes and exploits problems.
    NARRATOR: Fortunately, our handsomest politicians came up with a cheap, last-minute way to combat global warming. Ever since 2063 we simply drop a giant ice cube into the ocean every now and then. Of course, since the greenhouse gases are still building up, it takes more and more ice each time. Thus solving the problem once and for all.

    GIRL: But--

    NARRATOR: Once and for all!
  • morality (Score:2, Funny)

    by Anonymous Coward on Wednesday August 15, 2007 @03:11PM (#20240111)
    Forget morality for a minute... Making the bigwigs at some major company cry out "OH SHIT" in unison is one of the few sources of free entertainment I have left.
  • by Anonymous Coward on Wednesday August 15, 2007 @03:59PM (#20240723)
    Sadly, we live in a world where most people in power actually believe that anyone who points out problems is just as bad as someone who causes and exploits problems.

    IMHO, knowing about specific software flaws is an advantage to everyone but the company that makes the software with the flaw. The people in power only "think" the way you describe because they get their power from the same companies that lose out when someone finds a flaw with that company's software.
    Hand a policeman a $20 bill and help you around a law and you will go to jail for bribery. Hand a politician a $20 bill for the same thing and you will get your favorable treatment and get invited to dinner.
